No, I think all is good if that key doesn't exist. I don't have a "System" subkey under policies on my XP workstation either.
This malware did modify the .exe associations in the registry too, but it sounds like you are able to launch other executables OK, so your problem could be something else. Might be worth a look at that key to see if it has been modified though. The default should be "%1" %*

HKEY_CLASSES_ROOT\exefile\shell\open\command
"%1" %*

Jeff

On Tue, Sep 8, 2009 at 12:45 PM, <[email protected]> wrote:
>
> Is this registry key hidden? I can't find anything like this in either
> HKCU or HKUsers...
>
> However, the file "taskman.exe" shows, both in Explorer and from a "dir"
> command. However, if in Explorer I double-click the file icon, I get the
> "file not found" error pop-up.
>
> I'm about to do some deeper scans, but perhaps those could be aborted if it
> were simply a matter of whacking that registry entry.
>
> Thanks!
> --
> Richard D. McClary
> Systems Administrator, Information Technology Group
>
> ASPCA®
> 1717 S. Philo Rd, Ste 36
> Urbana, IL 61802
>
> [email protected]
>
> P: 217-337-9761
> C: 217-417-1182
> F: 217-337-9761
> www.aspca.org <http://www.aspca.org/>
>
> Jeff Bunting <[email protected]> wrote on 09/08/2009 10:59:48 AM:
>
> > Richard,
> >
> > There was a thread last week about a fake antivirus that disabled
> > task manager. It apparently disabled it via a registry key:
> >
> > [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
> > "DisableTaskMgr"
> >
> > Jeff
> >
> > On Tue, Sep 8, 2009 at 11:42 AM, <[email protected]> wrote:
> >
> > I have a desktop machine doing something troubling...
> >
> > It's a Dell PWS-380, WinXP-Pro SP2.
> > In a remote desktop session, I was wanting to see if a specific
> > process was running, so I right-clicked the task bar and chose
> > TaskManager. I got the hour glass icon for about a second, then
> > nothing - for quite a long time.
> >
> > I went to the desk and logged in locally. Same thing. I did a
> > "chkdsk /f" command and rebooted.
> >
> > Logging back in (locally) I did see a gray icon for VIPRE
> > Enterprise. Its agent version and definitions were current. I
> > initiated a deep scan. (Hopefully, none of this is relevant, but
> > VIPRE/SBamSvc was the process for which I was originally hunting.)
> > So far, VIPRE has not detected any malware (yet!).
> >
> > I still cannot run Task Manager on this machine - either by
> > right-clicking the task bar and selecting it, or by Ctrl-Alt-Del and
> > clicking the Task Manager button.
> >
> > SO, I go to the machine and run "taskmgr.exe". To that I get a
> > response - the file is not there.
> >
> > Any ideas as to what could have whacked that file? Thanks!
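
A read-only check of the two registry locations discussed in this thread, as an added example that is not part of the original messages. It assumes PowerShell 2.0 or later is available on the workstation; the function and variable names are hypothetical, and it looks at every loaded hive under HKEY_USERS because the problem showed up in both the remote desktop and the local logon.

```powershell
# Added example: reports state only, changes nothing in the registry.
$policySubKey       = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$exeCommandKey      = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$expectedExeCommand = '"%1" %*'   # default value quoted in the thread

function Get-DisableTaskMgrState {
    # HKCU is one of the hives loaded under HKEY_USERS; skip the *_Classes hives.
    Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $hive  = $_.PSChildName
            $value = $null
            $key   = Get-Item -LiteralPath "Registry::HKEY_USERS\$hive\$policySubKey" `
                              -ErrorAction SilentlyContinue
            if ($null -eq $key) {
                # Same situation as "no System subkey under Policies" in the thread.
                $state = 'Policies\System key absent'
            } else {
                $value = $key.GetValue('DisableTaskMgr', $null)
                if     ($null -eq $value) { $state = 'DisableTaskMgr value absent' }
                elseif ($value -eq 0)     { $state = 'DisableTaskMgr present, set to 0' }
                else                      { $state = 'DisableTaskMgr SET (Task Manager blocked by policy)' }
            }
            New-Object PSObject -Property @{ Hive = $hive; State = $state; DisableTaskMgr = $value }
        }
}

function Test-ExeAssociation {
    # Compare the (default) value of the exefile open command with the expected string.
    $actual = $null
    $key = Get-Item -LiteralPath $exeCommandKey -ErrorAction SilentlyContinue
    if ($null -ne $key) { $actual = $key.GetValue('') }
    New-Object PSObject -Property @{
        Key      = 'HKEY_CLASSES_ROOT\exefile\shell\open\command'
        Actual   = $actual
        Expected = $expectedExeCommand
        Matches  = ($actual -eq $expectedExeCommand)
    }
}

Get-DisableTaskMgrState | Select-Object Hive, State, DisableTaskMgr | Format-Table -AutoSize
Test-ExeAssociation     | Select-Object Key, Actual, Expected, Matches | Format-List
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so run it while the affected account is signed in.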
